In a new study by Microsoft called the State of Play report, Microsoft highlighted the growing opportunities for threat actors to target high-profile sporting events, “especially those in increasingly connected environments, introducing cyber risk for organizers, regional host facilities and attendees.”While managing the critical-infrastructure cybersecurity at the 2022 FIFA World Cup in Qatar, Microsoft observed attackers continuously attempting to compromise connected systems through identity-based attacks.
- “What we saw was consistent, with cyber-criminals being opportunistic and seeing where they can infiltrate and find gaps between a lot of connected systems, in the context of a large event. The cybercrime economy’s sheer size and low barriers to entry make this kind of opportunism a significant risk to account for in planning and having layered defenses in place.
- “What makes the sports landscape unique is that the IT assets and operations are so different, you have a lot of mobile devices across teams and staff, and a lot of connectivity across different stadiums, training facilities, hotels and other venues. And the nature of these connections is that they stand up and down as teams complete in seasons and tournaments,” said Justin Turner, Principal Group Manager, Microsoft Security Research.
Furthermore, this allows threat actors to simultaneously target mobile payment and retail systems, socially-engineer participants, and scan for unpatched/misconfigured devices. Also, security complexity is compounded as there are numerous parties managing a multitude of systems, such as corporate sponsors, municipal authorities and third-party contractors.
George McGregor, VP, Approov has this comment:
“A key element are the apps which are launched for events (for example the FIFA Women’s World Cup app – 10M+ downloads on Android) which are intended to be a “one-stop shop” for events. Unless they are protected, they can leak personal financial data and also be a source of other information which can be used in broader infrastructure attacks.”
Amit Patel, SVP, Cyware follows up with this:
“Anytime you gather tens of thousands of people together using shared infrastructure it’s an attractive target for attackers. Major sports leagues are realizing that they need to address security collectively – not relying on local capabilities. By monitoring threats globally, and sharing intel automatically across leagues and venues, and anticipating attacks, we can reduce risks considerably.”
Sporting events are clearly not the safe places that they once were. This is why not only the people who run these events have to make sure that there is a holistic view of their cybersecurity landscape, but we have to do our part by being mindful of the fact that there are threats that might be lurking at these events.